Malaysia sees rise in ransomware as firms urged to shift culture
Malaysia is witnessing a shift in cybersecurity challenges amid digital transformation, with organisations urged to address cultural shortcomings to enhance resilience against evolving threats.
Recent figures highlight a 4% decrease in reported cyber incidents in 2024 across Malaysia. However, this modest improvement is offset by a significant 78% rise in ransomware attacks, indicating that the sophistication and ambition of cybercriminals are intensifying. Phishing remains the predominant technique, accounting for 71% of fraud-related breaches, while sectors such as government have been persistently targeted, with over 1,500 attacks directed at Malaysian ministries in 2024 alone.
Major institutions have also been affected, including Malaysia Airports Holdings Berhad (MAHB), which was confronted with a ransom demand totalling USD $10 million. These examples illustrate the capability of threat actors to exploit not only technical vulnerabilities, but also cultural and procedural weaknesses within organisations.
Organisational mindset
Many Malaysian organisations retain restrictive IT practices that, while intended to protect, may inadvertently hinder progress, reduce agility, and discourage adoption of advanced digital solutions. Such approaches, experts argue, can leave companies resistant to change and more vulnerable in the face of rapidly changing attack techniques, such as new forms of malware, malicious APKs, and targeted phishing operations.
Calls are mounting for organisations to move beyond compliance-driven approaches to cybersecurity. Instead, companies are encouraged to cultivate an integrated and proactive security culture. The belief, increasingly voiced by industry specialists, is that a robust security disposition is crucial for long-term protection as well as for enabling innovation and business growth.
Transition support
NEC Malaysia is offering support to businesses by facilitating transitions from outdated systems to modern security platforms through its Cybersecurity Trade-Up Program. This approach is intended to make the shift more efficient and financially accessible, addressing concerns about the resource demands of maintaining up-to-date defences.
"Our Trade-Up Program allows customers to swap out expiring hardware or software—be it Fortinet or other brands—to gain access to modern and robust cybersecurity solutions. We are well-positioned to support companies' needs, serving as both a cybersecurity integrator and a managed services provider," shares Eddie Hooi, Head of Global Network Services & APAC CoE Business Development Lead of NEC Corporation of Malaysia.
Companies that participate receive access to new solutions, including the Next Generation Firewall (NGFW) Hub, Intrusion Prevention Service (IPS), Web Application Firewall (WAF), and Zero Trust Network Access (ZTNA). These upgrades are positioned as ways to offer not only improved security but also better performance and ongoing support.
Operational resilience
Addressing the demands of organisations preferring to hand off their security operations, NEC Malaysia provides a suite of managed services. These offerings include continuous monitoring and rapid incident response, underpinned by a round-the-clock Security Operations Center (SOC) and Network Operations Center (NOC) in Sunway Iskandar Puteri, Johor.
"Our Security Operations Center (SOC) and Network Operations Center (NOC) in Sunway Iskandar Puteri, Johor delivers 24/7 incident management and nationwide remediation through a dedicated Managed Services Desk—ensuring rapid response and operational resilience," said Kevin Lai, Solution Specialist of NEC Corporation of Malaysia.
Alongside direct incident response, NEC Malaysia delivers asset and configuration management and threat prediction services. This combination is aimed at providing businesses with comprehensive oversight and control over their IT environments.
Cultural imperatives
Despite enhanced technical measures, industry leaders argue that building a strong security culture within businesses is equally important. Outdated or excessively restrictive policies can have an adverse effect by deterring positive transformation and creating resistance to necessary change.
Lai adds, "Cybersecurity transcends IT—it demands a culture-wide commitment. However, even the most advanced cybersecurity systems can be undermined by weak internal practices. Building a strong security culture is just as critical as deploying the right technologies. There is a need to prioritize mindset shifts aside from just tool upgrades; we need to consider the importance of education, clear protocols, and shared responsibility."
The complexity and frequency of cyber threats continue to grow, indicating that effective security cannot be treated as a one-off investment; rather, it requires continual adaptation, education and collaboration across all levels of an organisation.
NEC Malaysia continues to partner with both local and multinational enterprises, leveraging international best practices and alliances with industry technology providers to maintain and enhance digital resilience in a changing landscape.